Proxy based on request attribute content, not username realm
Oliver Gorwits
oliver.gorwits at oucs.ox.ac.uk
Tue Feb 9 09:40:41 CET 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I'd welcome some guidance on configuring FreeRADIUS (any version) to
select a onward proxy server(s) based on a RADIUS request attribute,
and not the username's realm.
The specific situation is that it would be useful to proxy based on
the wireless SSID to which a user is authenticating. In our Cisco
system, this information comes in via the Called-Station-Id
attribute of the request packet.
We're open to any kind of solution, including setting dummy realms,
or using the rlm_perl module, but would appreciate any pointers you
have, and details on the processing order within FreeRADIUS to make
sure we set things up properly.
(Yes, it's also possible just to configure different RADIUS servers
directly on the Cisco system per SSID, but we'd much prefer to have
one RADIUS configuration there, and proxy onwards from FreeRADIUS.)
Many thanks in advance,
regards,
oliver.
- --
Oliver Gorwits, Network and Telecommunications Group,
Oxford University Computing Services
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAktxH4gACgkQ2NPq7pwWBt49JgCg0YKNoh/uq0YYee7oZ+FCk+Bz
m+UAnRywfx8WQjXDsi8wiHX37a/kFnFM
=inE2
-----END PGP SIGNATURE-----
More information about the Freeradius-Users
mailing list